Committed to connecting the world


Part 1: ICT Standards Development Organizations and Their Work

1. Objectives of Roadmap

This ICT Security Standards Roadmap is intended to support the security standardization work of the ITU by identifying existing published security standards, standards that are in development, and areas where a need for standards has been identified but where work has not yet been initiated. Although the focus is primarily on standards in the ITU-T space (i.e. security standards relating to telecommunication networks), the standards and work of other formal and informal regional and international standards development organizations (SDOs) are included in this Roadmap. The Roadmap also identified existing collaborative projects and helps to identify possible opportunities for future collaboration. It is hoped that the Roadmap will contribute to the coordination of security standardization activities by providing an up-to-date summary of work that has been completed and work that is in progress across SDOs as well as identifying the major organizations participating in this work. By knowing what has been done already, and what work is in progress, it will be possible to avoid duplication of effort and also to identify gaps that need attention.

2. Structure and content

The Roadmap, which is considered a “work in progress” is currently structured with the intention that the primary publication medium will be the web. Although periodic paper publication is not precluded, it is important that the currency of the information be maintained and that the updating process be easy and timely. Publishing the Roadmap as a web document facilitates frequent updates and will make the document readily available to the widest possible audience at the lowest cost.

The information provided via Roadmap is expected to expand as the work of other SDOs is added. Currently, security standards of ATIS, ETSI, IEEE, IETF, ISO/IEC, ITU, OASIS, 3GPP and 3GPP2 are included. Further expansion to other organizations is anticipated as data is made available. 

This part of the Roadmap provides summaries of the standards work in progress by identifying the respective organizations and their overall work programs. (The actual standards are listed in Part 2 of the Roadmap using a fairly simple classification scheme.) In addition, this part of the Roadmap includes a section devoted to the very important topic of security definitions. In general, information in the body of the Roadmap is in the form of brief summaries and headings; more detailed information may be obtained by following the hot links. 

3. Key international and regional ICT security standards development organizations

Each international Standards Development Organization listed has a particular role in the development of ICT security standards. 

Standards of the following organizations are currently included in the Roadmap

3.1 Formal International Standards Development Organizations 

International Telecommunication Union - Telecommunication Standardization Sector (ITU-T) 

International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC)

3.2 Other international standards bodies and forums

Internet Engineering Task Force (IETF)

Organization for the Advancement of Structured Information Standards (OASIS)

The 3rd Generation Partnership Project (3GPP)

The 3rd Generation Partnership Project 2 (3GPP2)  

3.3 Regional standards development organizations

Alliance for Telecommunications Industry Solutions (ATIS)

The European Telecommunications Standards Institute (ETSI)

Institute of Electrical and Electronics Engineers

Regional Asia Information Security Standards Exchange (RAISS Forum)

 4. IT Security Definitions

Terminology forms a very important part of any standard. It is essential that terms used be clear and unambiguous. However, the development of definitions can often generate much discussion and divert attention from the more important task of developing a technical specification. In addition, in IT security, where diverse groups of experts are developing standards relatively independently, there is a great risk that multiple definitions will be developed for the same term or that similar definitions will be appended to different terms. A number of security glossaries have already been developed by SDOs. References are provided below. ITU-T SG17 urges that experts who are engaged in the development utilize existing definitions from these glossaries wherever possible. New terms should be defined only where an acceptable definition does not already exist. Further, if it is necessary to define a new term, it should not duplicate, or conflict with, a term that has already been defined in an existing standard. 

Existing security vocabularies

Compendium of ITU-T approved security definitions extracted from ITU-T recommendations

This document is a compendium of security-related definitions extracted from approved ITU-T Recommendations with a view toward establishing a common understanding (and use) of security terms within ITU-T. This listing will continue to be developed. 

ISO/IEC JTC 1/SC 27 Terminology 

This SC27 Standing Document (SD 6) contains terms and definitions that appear in SC 27 International Standards, Technical Reports and Drafts.

Internet Security Glossary 

This Glossary provides definitions, abbreviations, and explanations of terminology for information system security. The 334 pages of entries offer recommendations to improve the comprehensibility of written material that is generated in the Internet Standards Process (RFC 2026). The recommendations follow the principles that such writing should (a) use the same term or definition whenever the same concept is mentioned; (b) use terms in their plainest, dictionary sense; (c) use terms that are already well-established in open publications; and (d) avoid terms that either favor a particular vendor or favor a particular technology or mechanism over other, competing techniques that already exist or could be developed.

ETSI Glossary of security terminology ETR 232

Go to the above link and select “ETR” in the “Type” box and “232” in the “Number” box. (NOTE: ETR 232 was published in 1995)

ISO/IEC JTC1 SC 37 Harmonized Biometric Vocabulary 

This Standing Document (SD 2) of SC37 contains an extensive list of biometric-related definitions.


International Telecommunication Union

Telecommunication Standardization Sector (ITU-T)

The International Telecommunication Union – Telecommunication Standardization Sector (ITU-T) acts as a forum where governments and the private sector develop standards for global telecommunications networks and services. It is one of the Sectors of the International Telecommunication Union (ITU), an international specialized agency within the United Nations system. 

A guide to the ITU-T and how it operates is available at

Key study groups with security responsibilities

Study Group 17: Security
(Lead Study Group on security, identity management and languages and description techniques.

SG 17 is responsible for building confidence and security in the use of Information and Communication Technologies (ICTs). This includes studies relating to cybersecurity, security management, countering spam and identity management. It also includes security architecture and framework, protection of personally identifiable information, and security of applications and services for the Internet of Things, smart grid, smartphone, IPTV, web services, social network, cloud computing, mobile financial system, and telebiometrics. Also responsible for the application of open system communications including directory and object identifiers, and for technical languages, the method for their usage and other issues related to the software aspects of telecommunication systems, and for conformance testing to improve quality of Recommendations.

SG 17 has five Working Parties (WP): WP1 - Fundamental security; WP2 - Network and information security; WP3 - Identity management and cloud computing security; WP4 - Application security; and WP5 - Formal languages.

SG 17 has been designated the Lead Study Group in the ITU-T for security and identity management issues. The ITU-T security standardization effort is coordinated via Question 1/17.  Core activities of Q1/17 are centered on coordination, assignment and prioritization of efforts that will lead to ICT security Recommendations. 

All  SG 17 Questions have a specific security mandate or are security-related: 

ITU-T Study Group 17 - Study Group Structure and complete list of SG17 Questions

Study Group 2: Operational aspects of service provisionand telecommunications management
(Lead Study Group for service definition, numbering and routing, telecommunication for disaster relief/early warning, network resilience and recovery, and telecommunication management) 

Responsible for studies relating to:

  • principles of service provision, definition and operational requirements of service emulation;

  • numbering, naming, addressing requirements and resource assignment including criteria and procedures for reservation and assignment;

  • routing and interworking requirements;

  • human factors;

  • operational and management aspects of networks, including network traffic management, designations, and transport-related operations procedures;

  • operational aspects of interworking between traditional telecommunication networks and evolving networks;

  • evaluation of feedback from operators, manufacturing companies and users on different aspects of network operation;

  • management of telecommunication services, networks, and equipment via management systems, including support for next-generation networks (NGN) and the application and evolution of the telecommunication management network (TMN) framework;

  • ensuring the consistency of the format and structure of IdM identifiers; and

  • specifying interfaces to management systems to support the communication of identity information within or between organizational domains.

Security-related Questions:

Q1/2   Application of numbering, naming, addressing and identification plans for fixed and mobile telecommunications services

Q3/2   Service and operational aspects of telecommunications, including service definition Operational Aspects of Telecommunication Network Service Quality 

Q6/2   Management architecture and security 

Study Group 5: Environment and Climate Change
(Lead study group on electromagnetic compatibility and electromagnetic effects, as well as on ICTs and climate change)

Responsible for studying ICT environmental aspects of electromagnetic phenomena and climate change.

Responsible for studies relating to protection of telecommunication networks and equipment from interference and lightning.

Also responsible for studies related to electromagnetic compatibility (EMC), to safety and to health effects connected with electromagnetic fields produced by telecommunication installations and devices, including cellular phones.

Responsible for studies on the existing copper network outside plant and related indoor installations. 

Responsible for studies on methodologies for assessing the environmental impact of ICT, publishing guidelines for using ICTs in an eco-friendly way, tackling e-waste issues, and energy efficiency of the power feeding system.

Responsible for studies on how to use ICT to help countries and the ICT sector to adapt to the effects of environmental challenges, including climate change.

It is also identifying the needs for more consistent and standardised eco-friendly practices for the ICT sector (e.g. labelling, procurement practices, eco-rating schemes for mobile phones).

Security-related Questions: 

Q4/5   Resistibility and safety in telecommunications

Q5/5   Lightning protection and earthing of telecommunication systems 

Q6/5   EMC issues arising from the convergence of IT and communication equipment

Q9/5   Generic and product family EMC recommendations for telecommunication equipment

Q10/5  Security of telecommunication and information systems concerning the electromagnetic environment

Q17/5  Energy efficiency for the ICT sector and harmonization of environmental standards

Study Group 9: Broadband cable and TV
(Lead Study Group on integrated broadband cable and television networks.)

Responsible for studies relating to:

  • use of telecommunication systems for contribution, primary distribution and secondary distribution of television, sound programmes and related data services including interactive services and applications, extendable to advanced capabilities such as ultra-high definition television, 3D television, etc.;

  • use of cable and hybrid networks, primarily designed for television and sound programme delivery to the home, as integrated broadband networks to also carry voice or other time-critical services, video on demand, interactive services, etc. to home and enterprise customer premises equipment (CPE).

Security-related Questions: 

Q3/9   Methods and practices for conditional access, protection against unauthorized copying and against unauthorized redistribution (“redistribution control” for digital cable television distribution to the home)

Q7/9   Cable television delivery of digital services and applications that use Internet Protocol (IP) and/or packet-based data

Q8/9   The IP enabled multimedia applications and services for cable television networks enabled by converged platforms 

Q9/9   Requirements for advanced service capabilities for broadband cable home networks

Q10/9  Requirements, methods, and interfaces of the advanced service platforms to enhance the delivery of sound, television, and other multimedia interactive services over cable television network

Study Group 11: Signalling requirements, protocols and test specifications
(Lead Study Group on signalling and protocols, machine-tomachine (M2M) signalling and protocol and test pecifications, conformance and interoperability testing.

Responsible for studies relating to signalling requirements and protocols, including those for IP-based network technologies, NGN, M2M, IoT, FNs, Cloud Computing, mobility, some multimedia related signalling aspects, ad hoc networks (sensor networks, RFID, etc.), QoS, and internetwork signalling for legacy networks ATM, N ISDN and PSTN networks. In addition, studies relating to reference signalling architectures and test specifications for NGN and emerging network technologies (e.g., IoT etc.). 

Study Group 12: Performance, QoS and QoE
(Lead Study Group on Quality of Service and Quality of Experience and driver distraction and voice aspects of car communications)

Responsible for Recommendations on performance, quality of service (QoS) and quality of experience (QoE) for the full spectrum of terminals, networks and services ranging from speech over fixed circuit-based networks to multimedia applications over networks that are mobile and packet based. Included in this scope are the operational aspects of performance, QoS and QoE; the end-to-end quality aspects of interoperability; and the development of multimedia quality assessment methodologies, both subjective and objective.

Security-related Questions: 

Q11/12   Performance interworking and traffic management for Next Generation Networks

Q13/12   QoE, QoS and performance requirements and assessment methods for multimedia including IPTV

Q17/12   Performance of packet-based networks and other networking technologies

Study Group 13: Future networks including mobile and NGN
(Lead Study Group for future networks and NGN, and  mobility management and fixed-mobile convergence.) 

SG 13 continues studying NGN evolution; standardizing enhancements to NGNs as new services and applications emerge.

SG13 focuses on future networks (FNs) – networks of the future beyond NGN. The group is standardizing FNs with the objectives of service, data, environmental and socio-economic awareness. This study resulted in the completion of standardization efforts to support network virtualization, energy saving for FNs, and an identification framework. Future plans are to develop different facets of the smart ubiquitous network, requirements of network virtualization for FNs, framework of telecom SDN (software-defined networking) and requirements of formal specification and verification methods for SDN.

Cloud computing is an important part of SG13 work and the group develops standards that detail requirements and functional architectures of the cloud computing ecosystem, covering inter- and intra-cloud computing and technologies supporting XaaS (X as a Service). This work includes infrastructure and networking aspects of cloud computing models, as well as deployment considerations and requirements for interoperability and data portability. Given that cloud computing relies on the interplay of a variety of telecom and IT infrastructure resources, SG13 develops standards enabling consistent end-to-end, multi-cloud management and monitoring of services exposed by and across different service providers’ domains and technologies.

SG13’s standardization work also covers network aspects of the Internet of Things (IoT), additionally ensuring support for IoT across FNs as well as evolving NGNs and mobile networks. Cloud computing in support of IoT is an integral part of this work.

The group also looks at network aspects of mobile telecommunications. This work includes IMT-2000 and IMT-Advanced (ITU-R standards commonly referred to as 3G and 4G, respectively); wireless Internet; mobility management; mobile multimedia network functions; internetworking; and enhancements to existing ITU-T Recommendations on IMT.

Security-related Questions: 

Q8/13 Security and identity management in evolving managed networks (including software-defined networking) 

Study Group 15: Optical transport networksand access network infrastructures
(Lead Study Group on access network transport,  optical technology and optical transport networks, and on smart grid)

ITU-T Study Group 15 is responsible for the development of standards on optical transport network, access network, home network and power utility network infrastructures, systems, equipment, optical fibres and cables, and their related installation, maintenance,management, test, instrumentation and measurement techniques, and control plane technologies to enable the evolution toward intelligent transport networks, including the support of smart-grid applications. This encompasses the development of related standards for the customer premises, access, metropolitan and long-haul sections of communication networks, as well as for power utility networks and infrastructures from transmission to load.

Security-related Questions: 

Q3/15  General characteristics of optical transport networks (G.911) 

Q9/15  Transport equipment and network protection/restoration (G.808.1, G.841, G.842, G.873.1) 

Q14/15  Management and control of transport systems and equipment 

Q16/15  Outside plant and related indoor installation

Q17/15 Maintenance and operation of optical fibre cable networks 

Study Group 16: Multimedia coding, systems and applications
(Lead Study Group on multimedia coding, systems and applications, ubiquitous and Internet of Things applications, telecommunication/ICT accessibility for persons with disabilities, and on IPTV)

Responsible for studies relating to ubiquitous applications, multimedia capabilities for services and applications for existing and future networks, including NGN and beyond. This encompasses accessibility, multimedia architectures, terminals, protocols, signal processing, media coding and systems (e.g. network signal processing equipment, multipoint conference units, gateways, and gatekeepers). 

Security-related Questions: 

Q1/16 Multimedia systems, terminals and data conferencing (H.233, H.234) 

Q2/16 Packet-based conversational multimedia systems and functions (H.325, H.350.2)


International Organization for Standardization (ISO) and

International Electrotechnical Commission (IEC)

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National Bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, in liaison with ISO and IEC, also take part in the work.

In the field of information technology, ISO and IEC have established a Joint Technical Committee 1: ISO/IEC JTC 1. This committee has responsibility for standardization in the area of information technology. Within JTC 1 are a number of technical committees of which Subcommittee 27 (SC27) is the lead subcommittee (SC) on IT security.

Key ISO/IEC JTC 1 Subcommittees with security responsibilities
(see also

ISO/IEC JTC 1/SC 6  Telecommunications and Information Exchange Between Systems

Area of Work

Standardization in the field of telecommunications dealing with the exchange of information between open systems including system functions, procedures and parameters and equipment as well as the conditions for their use.

This standardization includes both the lower layers that support the physical, data link, network and transport services, including private integrated services networking, as well as the upper layers that support the application protocols and services.

A vital aspect of this work is done in effective cooperation with the ITU-T and other world-wide and regional standardization bodies.

SC 6 Website

SC6 Working Groups:

WG 1   Physical and data link layers

WG 7  Network, transport and future network

WG 10   Directory, ASN.1 and registration

ISO/IEC JTC 1 SC 27 - IT Security Techniques

Area of Work

The development of standards for the protection of information and ICT.  This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;

  • Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;

  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity  and confidentiality of information;

  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;

  • Security aspects of identity management, biometrics and privacy; 

  • Conformance assessment, accreditation and auditing requirements in the area of information security;

  • Security evaluation criteria and methodology. 

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas.

Current activities of SC 27 are divided into five working groups:

Working Group 1: Information security management systems

The scope of WG 1 covers the development of ISMS (Information Security Management System) standards and guidelines.  This includes:

  • Development and maintenance of the ISO/IEC 27000 ISMS standards family

  • Identification of requirements for future ISMS standards and guidelines

  • On-going maintenance of WG1 standing document SD WG 1/1 (WG 1 Roadmap)

Working Group 2: Cryptography and security mechanisms

Terms of Reference:

- to identify the need and requirements for these techniques and mechanisms in IT systems and applications; and

- to develop terminology, general models and standards for these techniques and mechanisms for use in security services.

The scope covers both cryptographic and non-cryptographic techniques and mechanisms.

Working Group 3: Security evaluation criteria

Terms of reference:

- Standards for IT Security evaluation and certification of IT systems, components, and products. This will include consideration of computer networks, distributed systems, associated application services, etc.

Three aspects may be distinguished:

- evaluation criteria;

- methodology for application of the criteria;

- administrative procedures for evaluation, certification, and accreditation schemes.

Working Group 4: Security controls and services

The scope of WG4 covers the development and maintenance of standards and guidelines addressing services and applications supporting the implementation of control objectives and controls as defined in ISO/IEC 27001. This includes:

-  Identification of requirements for and development of future service and applications standards and guidelines, for example in the areas of:

  • Business Continuity

  • Cyber Security

  • Outsourcing

-   On-going maintenance of WG4 standing document SD WG4/1 (WG4 Road Map)

Working Group 5: Identity management and privacy technologies

The scope of SC27/WG 5 covers the development and maintenance of standards and guidelines addressing security aspects of identity management, biometrics and the protection of personal data.

-  Identification of requirements for and development of future standards and guidelines in these areas.  For example in the area of identity management, topics such as

  • Role based access control

  • Provisioning

  • Identifiers

  • Single sign-on

In the area of Privacy, topics such as

  • A Privacy Framework

  • A Privacy Reference Architecture

  • Privacy infrastructures

  • Anonymity and credentials

  • Specific Privacy Enhancing Technologies (PETs)

  • Privacy Engineering

In the area of Biometrics, topics such as

  • Protection of biometric data

  • Authentication techniques

ISO/IEC JTC 1 SC37 Biometrics

Area of Work

Standardization of generic biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems. Generic human biometric standards include: common file frameworks; biometric application programming interfaces; biometric data interchange formats; related biometric profiles; application of evaluation criteria to biometric technologies; methodologies for performance testing and reporting and cross jurisdictional and societal aspects.

Excluded is the work ISOIEC JTC 1/SC 17 to apply biometric technologies to cards and personal identification.

Also excluded is the work in ISO/IEC JTC 1/SC 27 for biometric data protections techniques, biometric security testing, evaluations, and evaluations methodologies.

SC37 working groups are as follows:

JTC 1/SC 37/WG 1        Harmonized biometric vocabulary

JTC 1/SC 37/WG 2        Biometric technical interfaces

JTC 1/SC 37/WG 3        Biometric data interchange formats

JTC 1/SC 37/WG 4        Biometric functional architecture and related profiles

JTC 1/SC 37/WG 5        Biometric testing and reporting

JTC 1/SC 37/WG 6        Cross-jurisdictional and societal aspects of biometrics

IEC TC 57 Power systems management and associated information exchange


To prepare international standards for power systems control equipment and systems including EMS (Energy Management Systems), SCADA (Supervisory Control And Data Acquisition), distribution automation, teleprotection, and associated information exchange for real-time and non-real-time information, used in the planning, operation and maintenance of power systems. Power systems management comprises control within control centres, substations and individual pieces of primary equipment including telecontrol and interfaces to equipment, systems and databases, which may be outside the scope of TC 57. The special conditions in a high voltage environment have to be taken into consideration.

TC 57 has ten Working Groups of which the following is particularly relevant to security:

WG 15: Data and communication security

Other international security standards bodies and forums


Internet Engineering Task Force

The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.

The actual technical work of the IETF is done in its working groups, which are organized by topic into several areas (e.g., routing, transport, security, etc.). Much of the work is handled via mailing lists. The IETF holds meetings three times per year.

Key IETF groups with security responsibilities

The IETF Security Area

The Security Area consists of the Security Area Directors who are assisted by a Security Area Directorate. The directorate is composed of the working group chairs in the Security Area and a group of individuals who act as advisers to other areas of the IETF at the request of the Security Area Directors.

The Directors and the Directorate is aided and advised by the Security Area Advisory Group (SAAG).

The SAAG acts as an open forum for Security Issues. Anyone can join the SAAG mailing list and are welcome at the SAAG meetings held at IETF meetings. The SAAG discussion archive is available at

Security Area Working Groups include the following: 

·         Domain Keys Identified Mail

·         EAP Method Update

·         Handover Keying

·         IP Security Maintenance and Extensions

·         Integrated Security Model for SNMP

·         Provisioning of Symmetric Keys

·         Kitten (GSS-API Next Generation)

·         Kerberos

·         Long-Term Archive and Notary Services

·         Multicast Security

·         Network Endpoint Assessment

·         Public-Key Infrastructure (X.509)

·         Transport Layer Security

Significant Working Groups in other Areas:

·         Keying and Authentication for Routing Protocols

·        Locator/ID Separation Protocol

·         Secure Inter-Domain Routing

·         Open Authentication

·         DNS Extensions

·         Routing Over Low power and Lossy networks  


Organization for the Advancement of Structured Information Standards (OASIS)

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence, and adoption of e-business standards. The consortium produces more Web services standards than any other organization along with standards for security, e-business, and standardization efforts in the public sector and for application-specific markets. Founded in 1993, OASIS has more than 4,000 participants, representing over 600 organizations and individual members in 100 countries.

OASIS is distinguished by its transparent governance and operating procedures. Members themselves set the OASIS technical agenda, using a lightweight process expressly designed to promote industry consensus and unite disparate efforts. Completed work is ratified by open ballot. Governance is accountable and unrestricted. Officers of both the OASIS Board of Directors and Technical Advisory Board are chosen by democratic election to serve two-year terms. Consortium leadership is based on individual merit and is not tied to financial contribution, corporate standing, or special appointment.

The Consortium hosts two of the most widely respected information portals on XML and Web services standards, Cover Pages and .  OASIS Member Sections include Blue, CGM Open, COSL, eGov, Emergency, IDtrust, LegalXML, Open CSA, and Telecom.


OASIS was founded in 1993 under the name SGML Open as a consortium of vendors and users devoted to developing guidelines for interoperability among products that support the Standard Generalized Markup Language (SGML). OASIS changed its name in 1998 to reflect an expanded scope of technical work, including the Extensible Markup Language (XML) and other related standards.

OASIS security committes:


The 3rd Generation Partnership Project (3GPP)

The 3rd Generation Partnership Project (3GPP) is a collaboration agreement that was established in December 1998. The collaboration agreement brings together a number of telecommunications standards bodies which are known as “Organizational Partners”. The current Organizational Partners are ARIB, CCSA, ETSI, ATIS, TTA, and TTC.

The establishment of 3GPP was formalized in December 1998 by the signing of the “ The 3rd Generation Partnership Project Agreement”.

The original scope of 3GPP was to produce globally applicable Technical Specifications and Technical Reports for a 3rd Generation Mobile System based on evolved GSM core networks and the radio access technologies that they support (i.e., Universal Terrestrial Radio Access (UTRA) both Frequency Division Duplex (FDD) and Time Division Duplex (TDD) modes). The scope was subsequently amended to include the maintenance and development of the Global System for Mobile communication (GSM) Technical Specifications and Technical Reports including evolved radio access technologies (e.g. General Packet Radio Service (GPRS) and Enhanced Data rates for GSM Evolution (EDGE)).

The discussions that led to the signing of the 3GPP Agreement were recorded in a series of slides called the “Partnership Project Description” that describes the basic principles and ideas on which the project is based. The Partnership Project Description has not been maintained since it’s first creation but the principles of operation of the project still remain valid.

In order to obtain a consolidated view of market requirements a second category of partnership was created within the project called “Market Representation Partners”.

“Observer” status is also possible within 3GPP for those telecommunication standards bodies which have the potential to become Organizational Partners but which, for various reasons, have not yet done so.

A permanent project support group called the "Mobile Competence Centre (MCC)" has been established to ensure the efficient day to day running of 3GPP. The MCC is based at the ETSI headquarters in Sophia Antipolis, France.

The term "3GPP specification" covers all GSM (including GPRS and EDGE) and W-CDMA specifications. The following terms are also used to describe networks using the 3G specifications: UTRAN, UMTS (in Europe) and FOMA (in Japan). Revised versions of many of these specifications are produced up to four times a year following the quarterly TSG plenary meetings. (TSG GERAN meets five times a year.)

Following each TSG SA plenary meeting, a complete set of specifications is produced. This set includes not only the new specifications generated at that meeting, but also the latest versions of each specification that was not changed at that meeting. i.e. each directory holds a complete set of specifications. Each set has an associated status list as detailed in the table below. Each set (and corresponding status list) includes the specs arising from the TSG GERAN meetings held since the preceding SA meeting. (GERAN meets asynchronously from the other TSGs.)

Specifications and their status are listed on the 3GPP web site.


The Third Generation Partnership Project 2 (3GPP2)

The Third Generation Partnership Project 2 (3GPP2) is a collaborative third generation (3G) telecommunications specifications-setting project comprising North American and Asian interests developing global specifications for ANSI/TIA/EIA-41 Cellular Radiotelecommunication Intersystem Operations network evolution to 3G and global specifications for the radio transmission technologies (RTTs) supported by ANSI/TIA/EIA-41.

3GPP2 was born out of the International Telecommunication Union's ( ITU ) International Mobile Telecommunications " IMT-2000 " initiative, covering high speed, broadband, and Internet Protocol (IP)-based mobile systems featuring network-to-network interconnection, feature/service transparency, global roaming and seamless services independent of location. IMT-2000 is intended to bring high-quality mobile multimedia telecommunications to a worldwide mass market by achieving the goals of increasing the speed and ease of wireless communications, responding to the problems faced by the increased demand to pass data via telecommunications, and providing "anytime, anywhere" services.

3GPP2 is a parallel, sister project to 3GPP.

3GPP2 is a collaborative effort between five officially recognized SDOs. They are:

ARIB - Association of Radio Industries and Businesses (Japan)
CCSA - China Communications Standards Association (China)
TIA - Telecommunications Industry Association (North America)
TTA - Telecommunications Technology Association (Korea)
TTC - Telecommunications Technology Committee (Japan)

These SDOs are known as the Project's Organizational Partners (OPs). 3GPP2 requires that a participating individual member company be affiliated with at least one of the Organizational Partners.

In addition, the Project has welcomed Market Representation Partners (MRPs) who offer market advice to 3GPP2 and bring a consensus view of market requirements (e.g., services, features and functionality) falling within the 3GPP2 scope. They are:

The CDMA Development Group (CDG)
IPv6 Forum
Mobile Ignite
ForumThe work of producing 3GPP2's specifications resides in the Project's four Technical Specification Groups (TSGs) comprised of representatives from the Project's Individual Member companies. The TSGs are: 

TSG-A (Access Network Interfaces)
TSG-C (cdma2000®)
TSG-S (Services and Systems Aspects)
TSG-X (Core Networks)

Each TSG meets, on average, ten times a year to produce technical specifications and reports. Since 3GPP2 has no legal status, ownership and copyright of these output documents is shared between the Organizational Partners. The documents cover all areas of the Project's charter, including cdma2000® and its enhancements. 

All TSGs report to the Project's Steering Committee , which is tasked with managing the overall work process and adopting the technical specifications forwarded by each of the TSGs.

Further information on 3GPP2 is available at: (3GPP2)Regional standards development organizations


Alliance for Telecommunications Industry Solutions (ATIS)

ATIS is a United States based body that is committed to rapidly developing and promoting technical and operations standards for the communications and related information technologies industry worldwide using a pragmatic, flexible and open approach..

ATIS prioritizes the industry’s most pressing, technical and operational issues, and creates interoperable, implementable, end to end solutions -- standards when the industry needs them and where they need them.

Over 1,100 industry professionals from more than 350 communications companies actively participate in ATIS’ 22 industry committees and incubator solutions programs. ATIS develops standards and solutions addressing a wide range of industry issues in a manner that allocates and coordinates industry resources and produces the greatest return for communications companies.

ATIS creates solutions that support the rollout of new products and services into the communications marketplace. Its standardization activities for wireless and wireline networks include interconnection standards, number portability, improved data transmission, Internet telephony, toll-free access, telecom fraud, and order and billing issues, among others. ATIS is accredited by the American National Standards Institute (ANSI).

Some ATIS committees and forums:

Network Reliability Steering Committee (NRSC)

The NRSC performs analyses of network outages and provides recommendations for corrective actions. NRSC issues quarterly and annual reports to the industry and the FCC, in liaison with the FCC's Network Reliability Council.


Optical Transport and Synchronization Committee (OPTXS)

OPTXS develops and recommends standards and prepares technical reports related to telecommunications network technology pertaining to network synchronization interfaces and hierarchical structures for U.S. telecommunications networks: some of which are associated with other telecommunications networks. OPTXS focuses on those functions and characteristics necessary to define and establish the interconnection of signals comprising network transport. This includes aspects of both asynchronous and synchronous networks. OPTXS also makes recommendations on related subject matter under consideration in various North American and international standards organizations.  

Network Performance, Reliability and Quality of Service Committee (PRQC) (Formerly T1A1)

PRQC develops and recommends standards, requirements, and technical reports related to the performance, reliability, and associated security aspects of communications networks, as well as the processing of voice, audio, data, image, and video signals, and their multimedia integration. PRQC also develops and recommends positions on, and foster consistency with, standards and related subjects under consideration in other North American and international standards bodies.

Packet Technologies and Systems Committee (PTSC)

PTSC develops and recommends standards and technical reports related to services, architectures, and signaling, in addition to related subjects under consideration in other North American and international standards bodies.

Telecom Management and Operations Committee (TMOC)

The Telecom Management and Operations Committee (TMOC) develops operations, administration, maintenance and provisioning standards, and other documentation related to Operations Support System (OSS) and Network Element (NE) functions and interfaces for communications networks - with an emphasis on standards development related to U.S.A. communication networks in coordination with the development of international standards.

Wireless Technologies and Systems Committee (WTSC)

Develops and recommends standards and technical reports related to wireless and/or mobile services and systems, including service descriptions and wireless technologies.

For information on ATIS, plus a complete listing of forums and committees see ATIS Local Information


The European Telecommunications Standards Institute (ETSI)

The European Telecommunications Standards Institute (ETSI) is an independent, non-profit organization, whose mission is to produce telecommunications standards for today and for the future.

Based in Sophia Antipolis (France), ETSI is officially responsible for standardization of Information and Communication Technologies (ICT) within Europe. These technologies include telecommunications, broadcasting and related areas such as intelligent transportation and medical electronics.

ETSI has over 700 members  from 62 countries around the world.  Members include manufacturers, network operators, administrations, service providers, research bodies and users - in fact, all the key players in the ICT arena.

ETSI plays a major role in developing a wide range of standards and other technical documentation as Europe's contribution to world-wide ICT standardization. This activity is supplemented by interoperability testing services and other specialisms. ETSI's prime objective is to support global harmonization by providing a forum in which all the key players can contribute actively. ETSI is officially recognized by the European Commission and the EFTA secretariat.

ETSI's Members determine the Institute’s work programme, allocate resources and approve its deliverables. As a result, ETSI's activities are closely aligned with market needs and there is wide acceptance of its products.

ETSI's standards are built on consensus.

The ETSI Technical Organization

In many ways, ETSI is typical of standardization bodies generally - the technical work (i.e. the creation of technical standards and specifications) is mostly done in committees. The Technical Committees and Projects form part of the ETSI Technical Organization. But ETSI differs from many other bodies in several important ways:

!                    there is direct participation by all members in the technical work

!                    the use of Specialist Task Forces (previously called Project Teams), meeting full-time or at least more frequently than the Technical Committees or Projects, has done much to accelerate the production process

!                    specialist studies in the areas of specification and testing methodologies help to ensure optimum quality and usability of ETSI's deliverables

!                    there is a strong trend to strategic alliances with other standardization/specification bodies around the world, which help to bring the skills and knowledge of the world's leading experts together to work on tasks for the common benefit of all participants.

The ETSI committee structure is shown in the following figure:


For more information on ETSI and its work see:


Institute of Electrical and Electronics Engineers, Inc. (IEEE)

IEEE is the world’s largest professional association dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through IEEE's highly cited publications, conferences, technology standards, and professional and educational activities.


Who the IEEE Serves

Through its global membership, the IEEE is a leading authority on areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics among others. 

Members rely on the IEEE as a source of technical and professional information, resources and services.

To foster an interest in the engineering profession, the IEEE also serves student members in colleges and universities around the world. 

Other important constituencies include prospective members and organizations that purchase IEEE products and participate in conferences or other IEEE programs.

IEEE Standards Association (IEEE-SA) working groups aim to set priorities and develop appropriate standards. IEEE-SA working groups are open to everyone and participants need not be IEEE-SA members.

Current security-related work includes activities on public key cryptography.

More information about the IEEE and its activities is available at


Regional Asia Information Security Standards Exchange (RAISE Forum)

RAISE refers to Regional Asia Information Security Exchange, and is a Forum initiated by Mr Kang Meng Chow, the past Chairman of the Security & Privacy Standards Technical Committee. This initiative was mooted during Singapore's hosting of the ISO/IEC JTC1 SC27 Plenary and its Working Group meetings in April 2004. An online forum has since been set up with participation from various countries like Australia, Japan, Korea, Malaysia and Singapore.

The aims of this Forum are

  1. to provide a platform for sharing of knowledge and learning experiences in regional economies on security standards development, adoption and deployment;

  2. for the regional bodies to identify opportunities for regional collaborations to further the course of international security standards development and promulgation more effectively in the Asia region.

 This Forum is currently co-chaired by Mr Koji Nakao of KDDI, Japan and Mr Kang Meng Chow of Singapore. 

More information on RAISE is available at: RAISE Forum  

Summary of Roadmap Updates

Roadmap part

Release number

Last update

Introduction (Main page)


25th January, 2011

Part 1


23rd February, 2011

Part 2


31st January, 2011

Part 3


25th January, 2011

Part 4


25th January, 2011

Part 5


25th January, 2011

<< Introduction (Main page) - Part 1 - Part 2 - Part 3 - Part 4 - Part 5 - Part 6 >> ​​​